BGP Dump file prefixes


Subject: BGP Dump file prefixes
From: Allan Houston (ahouston@blueyonder.co.uk)
Date: Wed Jul 30 2003 - 11:21:13 CDT

Hi,

I'm a bit new to flowscan - still trying to get to grips with some of the
principles.

I'm busy trying to build up some BGP AS stats - I've got flows coming in
from one of our border GSRs as a test.
I've taken a full BGP dump, but when I start up flowscan:

root@zulu:/var/netflow/bin# ./flowscan
Loading "/var/netflow/bin/bgp_flow.txt" ... Nexthop not found:    Network          Next Hop            Metric LocPrf Weight Path
$ at (eval 13) line 1
Metric not found:    Network          Next Hop            Metric LocPrf Weight Path
$ at (eval 13) line 1
Local Preference not found:    Network          Next Hop            Metric LocPrf Weight Path
$ at (eval 13) line 1
Weight not found:    Network          Next Hop            Metric LocPrf Weight Path
$ at (eval 13) line 1
Origin code not found:    Network          Next Hop            Metric LocPrf Weight Path
$ at (eval 13) line 1
5977 prefixes loaded.
NextHops and OutputIfIndexes are undefined.
Identifying outbound flows based solely on destination address ...
Loading "Napster_subnets.boulder" ...
Loading "local_nets.boulder" ...
2003/07/30 17:11:23 working on file /var/netflow/flows.20030730_15:51:37...

Ignoring the errors that carp is spitting out - the number of prefixes is a
little low? The BGP dump file is around 30 meg and contains around 130k
routes or so?

When I look at the origin and path reports - there are AS's shown, but the
bytes in and out are almost nothing (considering this router pushes around
2gbps egress on average)

Router is configured with: ip flow-export version 5 origin-as

My CampusIO config looks like so:

# ASPairs (OPTIONAL)
# source_AS:destination_AS, e.g.:
# ASPairs 0:0
# (Note that the effect of setting ASPairs will be different based on whether
# you specified "peer-as" or "origin-as" when you configured your Cisco.)
ASPairs 0:1668,0:3356,0:3561,1668:0,3356:0,3561:0

# BGPDumpFile (OPTIONAL)
# the name of a file containing the output of "show ip bgp" on your Cisco
# exporter.  If this option is used, and the specified file exists, it will
# cause the "originAS" and "pathAS" reports to be generated.  Furthermore,
# if the BGPDumpFile's modification time is updated, it will be reloaded.
BGPDumpFile /var/netflow/bin/bgp_flow.txt

I've picked a few AS's I know will take a fair amount of traffic in the
ASPairs statement.

Looking at the RRDs, the figures look a little low too:

root@zulu:/var/netflow/rrds# rrdtool fetch 3356\:0.rrd AVERAGE | grep -v nan
                    bytes          pkts         flows

1059574800: 2.2553000000e+03 2.9733333333e+00 2.7033333333e+00
1059575100: 3.9165946291e+03 5.1814459482e+00 4.6027183793e+00
1059575400: 7.7386116380e+03 1.0091561852e+01 8.7926114956e+00
1059575700: 5.6236643267e+03 7.3067991170e+00 6.5500662252e+00
1059576000: 6.0166768212e+03 7.5718543046e+00 6.6258278146e+00
1059576300: 6.3933388521e+03 8.0081236203e+00 6.8783664459e+00
1059576600: 6.3739608473e+03 7.9026877655e+00 6.8269204205e+00
1059576900: 6.3688544507e+03 7.6471466716e+00 6.5883555177e+00
1059577200: 6.1958952333e+03 7.5852118765e+00 6.5956535610e+00
1059577500: 6.0193360029e+03 7.5116865782e+00 6.5989380505e+00

root@zulu:/var/netflow/rrds# rrdtool fetch 0\:3356.rrd AVERAGE | grep -v nan
                    bytes          pkts         flows

1059574800: 7.8911000000e+02 2.2733333333e+00 2.0833333333e+00
1059575100: 1.2274614133e+03 3.8007116124e+00 3.4955910610e+00
1059575400: 2.1963728766e+03 7.2658701389e+00 6.6086602267e+00
1059575700: 2.1471281678e+03 5.3964238411e+00 4.9169536424e+00
1059576000: 2.0645119205e+03 5.4880794702e+00 5.0168874172e+00
1059576300: 1.9263277263e+03 5.5910375276e+00 4.9938189845e+00
1059576600: 1.9591176590e+03 5.2834380259e+00 4.7378823975e+00
1059576900: 1.7069011490e+03 5.4807783096e+00 4.9678681544e+00
1059577200: 1.6906508576e+03 5.7995874678e+00 5.2407222063e+00
1059577500: 1.7535111512e+03 5.4546067927e+00 5.0036376171e+00


Any tips would be greatly appreciated :)

Cheers,
Allan.



--
Help        mailto:majordomo@net.doit.wisc.edu and say "help" in message body
Unsubscribe mailto:majordomo@net.doit.wisc.edu and say
"unsubscribe flowscan" in message body
Archive     http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
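
To cross-check a figure such as "5977 prefixes loaded" against the dump file itself, the following added example (not part of the original post, and not flowscan's own parser) counts distinct prefixes and path lines in "show ip bgp" text. It assumes the classic IOS column layout (three status columns, then the network, with the mask omitted for classful networks and long prefixes wrapped onto a second line); the sample table is constructed.

```python
import re

# Assumed classic IOS "show ip bgp" layout: 3 status columns, then the network.
ROUTE = re.compile(
    r'^([*sdhrSbx ][> ][i ])(\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)?(?:\s|$)')

def classful(net):
    """Add the implied classful mask when the prefix is printed without one."""
    if '/' in net:
        return net
    first = int(net.split('.')[0])
    return f"{net}/{8 if first < 128 else 16 if first < 192 else 24}"

def summarize(lines):
    """Count distinct prefixes, path lines, and everything else (headers etc.)."""
    prefixes, paths, other = set(), 0, 0
    for line in lines:
        m = ROUTE.match(line.rstrip('\n'))
        # A path line carries at least one status code; an all-blank status
        # field is the second half of a wrapped long-prefix entry.
        if m and m.group(1).strip():
            paths += 1
            if m.group(2):          # blank network = extra path, same prefix
                prefixes.add(classful(m.group(2)))
        else:
            other += 1
    return {"prefixes": len(prefixes), "paths": paths, "other": other}

# Constructed sample, not taken from the poster's router.
SAMPLE = """\
BGP table version is 1234, local router ID is 192.0.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.0.0.0          192.0.2.10               0             0 3356 701 80 i
*                   192.0.2.20                             0 1668 701 80 i
*>i198.51.100.0     192.0.2.30               0    100      0 3561 64500 i
*> 203.0.113.128/25 192.0.2.10                             0 3356 64501 ?
*> 198.51.100.128/25
                    192.0.2.10                             0 3356 64502 i
"""

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Run against the real dump with `summarize(open(path))`; a large gap between its prefix count and the number the collector reports loading points at lines the collector's parser is rejecting.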


This archive was generated by hypermail 2b25 : Wed Jul 30 2003 - 11:23:11 CDT